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About This Guide 


The objective of this guide is to provide introductory, setup, and 
troubleshooting information for the Yellow Pages Service (YP). This guide 
will assist you in developing YP management procedures and presents 
guidelines from which you can develop specific procedures for your site. 


Audience 


This guide is meant for the person responsible for maintaining networks on 
an ULTRIX operating system. This person is usually the system manager, 
but could be a network manager or the system manager who is also a user 
of a MicroVAX processor. This guide assumes that the reader is familiar 
with the ULTRIX system commands, the system configuration, the naming 
conventions, and an editor such as vi or ed. It assumes that the reader 
knows the names and addresses of the other systems on the network. 


Organization 
This guide consists of four chapters and an index. The chapters are: 


Chapter 1: Introduction 
This chapter introduces YP and provides the background information 
needed before you can set up and run YP on your system. Also, 
basic YP concepts are described. 


Chapter 2: Setting Up the Yellow Pages Service 
This chapter describes how to set up YP on your system 
automatically using the ypsetup command. It also describes how to 
set up YP manually. The manual description is included for those 
who want to understand how YP operates and which files are affected 
by YP. 


Chapter 3: Maintaining and Managing the Yellow Pages Service 
This chapter describes how to maintain and manage the YP service. 
System security and YP map access policies are discussed. 


Chapter 4: Troubleshooting the Yellow Pages Service 
This chapter describes the basic approach to solving YP-related 
problems. It discusses various system problems you may encounter 





and explains how to solve them. In addition, this chapter lists the 
YP error messages and suggested solutions. 


ey 


Related Documents 

You should have available the related hardware documentation for your | 
system. You should also have the ULTRIX documentation set, including 
the ULTRIX Reference Pages. 


Conventions 
The following conventions are used in this guide: 


special In text, each mention of a specific command, option, 
partition, pathname, directory, or file is presented in this 


type. 


command(x) In text, cross-references to the command documentation 
include the section number in the reference manual where 
the commands are documented. For example: See the 
cat(1) command. This indicates that you can find the © 
material on the cat command in Section 1 of the reference 


pages. 
literal In syntax descriptions, this type indicates terms that are 
constant and must be typed just as they are presented. 
italics In syntax descriptions, this type indicates terms that are 
variable. 
[ ] In syntax descriptions, square brackets indicate terms that 


are optional. 


In syntax descriptions, a horizontal ellipsis indicates that 
the preceding item can be repeated one or more times. 


function In function definitions, the function itself is shown in this 
type. The function arguments are shown in italics. 


UPPERCASE The ULTRIX system differentiates between lowercase and 
uppercase characters. Enter uppercase characters only 
where specifically indicated by an example or a syntax line. 


example In examples, computer output text is printed in this type. 
example In examples, user input is printed in this bold type. 


% This is the default user prompt in multiuser mode. 


system# 


>>> 


KEYNAME 


CTRL/x 


This is the superuser prompt on the system indicated by 
the system name specified. 


This is the default superuser prompt. 


This is the console subsystem prompt. 
In examples, a vertical ellipsis indicates that not all of the 


lines of the example are shown. 


In examples, a word or abbreviation in angle brackets 
indicates that you must press the named key on the 
terminal keyboard. 


In examples, symbols like this indicate that you must hold 
down the CTRL key while you type the key that follows 
the slash. Use of this combination of keys may appear on 
your terminal screen as the letter preceded by the 
circumflex character. In some instances, it may not appear 
at all. 





| 
t 
| 
t 
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Introduction to the Yellow Pages Service 1 


This chapter introduces the network data base service called Yellow Pages 
CYP); 
YP is a distributed data base lookup service that provides these services: 


° It maintains a set of data bases. Programs can ask for the value 
associated with a particular key or any group of keys in a data base. 


e It propagates updated data bases among the systems on the network 
(YP domain), ensuring consistency. The YP data bases are fully 
duplicated on several systems known as YP servers. Multiple servers 
give the YP service a high degree of availability and reliability 
because the query response is the same everywhere. 


A YP domain is a directory in /var/yp containing a named set of YP maps. 
You can determine your YP domain by executing the domainname 
command. Note that YP domains are different from both Internet domains 
and sendmail domains. 


A domain name is required for retrieving data from a YP data base. Each 
system on the network belongs to a default domain set in /etc/rc.local at 
boot time with the domainname command. If your YP domain is market 
and you want to find the Internet address of host sugar, you must ask YP 
for the value associated with the key sugar in the map hosts.byname 
within the YP domain market. For example: 


% ypcat hosts | grep sugar 


A YP server holds all the maps of a YP domain in a subdirectory of 
/var/yp, named after the domain. For example, maps for the market 
domain would be held in /var/yp/market. YP uses this information 
internally. 


A YP map is a set of data base files residing in the directory 
/varlyp/domainname. The YP maps contain the information that YP serves, 
and each map contains a set of keys and associated values. For example, 
the hosts map contains all host names on a network as keys and the 
corresponding Internet addresses as values. Each YP map has a map 
name, used by programs to access data in the map. 








Programs must know the format of the data in the map. Most maps are 
derived from ASCII files such as /etc/passwd, /etc/group, /etc/hosts, and 
/etc/networks. Maps are implemented by dbm files located in the 
/varlyp/domainname directory on the YP servers. See dbm(3x) in the 
ULTRIX Reference Pages for information about the dbm file format. 


Servers provide resources and clients use them. There is not necessarily a 
one-to-one correspondence between servers, clients, and systems. In fact, a 
system that acts as a server can also act as a client. To illustrate, 
consider two different services: the Network File System (NFS) and YP. 


NFS allows client systems to mount remote file systems and directories 
and to access files in place, provided a server system has exported the file 
system or directory. A server that exports file systems and directories 
may also mount remote file systems and directories exported by other 
systems, thus becoming a client. A given system can be both server and 
client, a client only, or a server only. 

The YP server is a process rather than a system. A process can request 
information out of the YP data base, obviating the need to have such 
information on every system. All processes that make use of the YP 
service are YP clients. 

Sometimes YP clients are served by YP servers on the same system, and 
other times by YP servers running on a different system. If a remote 
system running a YP server process exits, client processes can obtain the 
YP service from another system. This feature makes the YP service 
almost always available. 

In the YP environment, only a few systems have a set of YP data bases. 
YP makes the data base set available over the network. A YP client 
system runs YP processes and requests data from data bases on other 
systems. Two kinds of systems have data bases: a YP slave server and 
a YP master server. For any map, one YP server is designated the 
master, and all changes to the YP map should be made on that system. 
The changes then propagate from master to slaves. 


Note 
The /etc/yp directory is symbolically linked to /var/yp. 


YP clients do not need to know the location of data, or how it is stored. 
Instead, they use a network protocol to communicate with a data base 
server that knows those details. 


The following topics are discussed in this chapter: 
e The YP service 


® YP command quick reference 


1.1 The YP Service 


The YP service provides a way or method for the network manager to 
maintain consistency among selected system administrative files on all the 
systems in a YP domain. There are two parts of YP to consider: how it 
operates, and what system files from /etc are affected by YP. 


The YP service maintains network-wide data bases, such as /etc/hosts. The 
servers throughout the network contain copies of the YP maps. When any 
system on the network wants to look up something in /etc/hosts, it makes 
a remote procedure call (RPC) to one of the servers to get the 
information. One server is the master the only server whose data base 
may be modified. The other servers are slaves, and they are periodically 
updated so that their information is synchronized with that of the master 
server. 

YP can serve any number of files including some of those that reside in 
the /etc directory, such as /etc/passwd and /etc/networks. In addition to 
these, users can add their own files to YP. 


The following sections describe various aspects of how YP accomplishes its 
services. 


1.1.1 Naming Domains 


A domain is a collection of systems that shares a set of YP maps and 
shares the same YP master server. The domainname command tells a 
user the name of the system’s domain. The getdomainname system call 
returns the name of the domain to the program that called it. 


Data is stored in the directory /var/yp/domainname. A system can contain 
data for several different domains. 


1.1.2 Storing Data 


YP maps store data in dbm files. For example, the YP map for /etc/hosts 
in the domain market is stored in these files: 


/var/yp/market/hosts.byaddr.dir 
/var/yp/market/hosts.byaddr.pag 
/var/yp/market/hosts.byname.dir 
/varlyp/market/hosts.byname.pag 


The makedbm command takes an ASCII file such as /etc/hosts and 
converts it into dbm files suitable for use by YP. However, system 
administrators should use the Makefile in /var/yp to create YP map files. 
This Makefile in turn calls makedbm. See ypmake(8yp) in the ULTRIX 
Reference Pages for further information on rebuilding YP data bases. 


\ 
: 
i 








1.1.3 Default YP Files 
These are the default data base files that YP serves: 


/etc/hosts 
/etc/passwd 
/etc/group 
/etc/networks 
/etc/rpc 
/etc/services 
/etc/protocols 
/etc/netgroup 


Library routines such as getpwent, getgrent, and gethostent use YP. C 
programs that call these library routines will need to be relinked to 
function correctly. 


Note 


If YP is running, the library routines such as getpwent, getgrent, 
and gethostent, cause entries served by YP to to be returned in 
the order the data appears in the YP map. This returned order 
is not necessarily the same as the original ASCII files. See the 
yp__next function described in ypcint(3yp) in the ULTRIX 
Reference Pages for further information. 


The following sections discuss each of the default files. 


1.1.3.1 The /etc/hosts File —- The hosts file is stored as two different 
files in YP. The first, hosts.byname, is indexed by host name. The 
second, hosts.byaddr, is indexed by Internet address. The hosts YP map 
expands into the four YP map files, with the suffixes .pag and .dir. 


When a user program calls the library routine gethostbyname, a single RPC 
call to a server retrieves the entry from the hosts.byname file. Similarly, 

gethostbyaddr retrieves the entry from the hosts.byaddr file. If YP is not 

running (which you can cause by commenting out the ypbind entry in the 

/etc/rc.local file), then gethostbyname reads the /etc/hosts file. 


Maps sometimes have more than one name. Although the ypcat command 
is a general YP map print program, it knows about the standard files in 
YP. Thus, the command ypcat hosts is translated into ypcat 
hosts.byaddr, because there is no file called hosts in YP. Type the 
following command for a list of expanded names: 








# ypcat —x 


1.1.3.2 The /etc/passwd File - The passwd file is similar to the hosts 
file. It exists as two separate files, passwd.byname and passwd.byuid. 
The ypcat program prints it, and ypmake updates it. Unlike the 
gethostbyaddr and the gethostbyname library functions, however, the 
getpwent function reads the local /etc/passwd file and interprets the YP 
special characters plus, minus, and at (+, -, @). A plus (+) entry is 
used to include the entries from the YP passwd map. A minus (—) entry, 
on the other hand, is used to prevent this user from logging in to the 
system regardless of the YP passwd map. The at (@) character can be 
used in conjunction with plus and minus entries to either include or 
exclude members of the network group specified. See netgroups(5yp) in 
the ULTRIX Reference Pages for further information. 


If you wrote a program using getpwent to print all the entries from your 
password file, it would print a virtual password file. Rather than printing 
+ and -, it would print whatever entries the local password file included 
from the YP map. 


If you are running YP and need to change a password, you must change 
the password in the YP map using the yppasswd command unless you 
need to modify an entry in the local /etc/passwd file. The yppasswd 
command has the same user interface as the passwd command, but works 
only if the yppasswdd daemon is running on the YP master server. 


Note 


The passwd command does not change the password YP map. 

It only changes the local password file (/etc/passwd) and not the 
YP master password file on the YP master server that is usually 
stored as /var/yp/src/passwd. See Chapter 3 for further 
information. 


1.1.3.3 Other YP Files —- Of the other files in the /etc directory, 
/etc/group is treated like /etc/passwd, in that getgrent only consults the YP 
group map if explicitly told to do so by plus or minus (+,-) entries in 
the /etc/group file. The files /etc/networks, /etc/rpc, /etc/services, 
/etc/protocols, and /etc/netgroup are treated like /etc/hosts: for these files, 
the library routines go directly to YP, without consulting the local files. 


Any plus or minus (+,-) entries have no affect in the /etc/networks, 
/etc/hosts, /etc/rpc, /etc/protocols, /etc/services, and /etc/netgroup files. 





1.2 YP Command Quick Reference 


Most of the information describing the structure of YP and the commands 
available for it is contained in the ULTRIX Reference Pages. For a quick 
reference, the related commands and abstracts of their functions are listed 
here. 


makedbm ( 8yp) 
Describes a low-level tool for building a dbm file, which is a valid YP 
map. Data bases not built from /var/yp/Makefile can be built using 
makedbm. The makedbm command also disassembles a map so that 
you can see the key-value pairs. You can modify the disassembled 
form with standard tools (such as editors, awk, grep, and cat). The 
disassembled map is in the form required for input back into 
makedbm. 


ypcat(lyp) 
Displays the contents of a YP map. You can use ypcat when it does 


not matter which server’s version you are seeing. If you need to see 
a particular server’s map, log in to that server (using rlogin, or the 
rsh command) and use the makedbm command. 


ypmake ( 8yp) 
Describes how to use /var/yp/Makefile, which builds several commonly 
changed components of the YP maps. These components are the 
maps built from several ASCII files normally found in the /etc 
directory: group, hosts, netgroup, networks, passwd, protocols, rpc, 
and services. 


ypmatch(lyp) 
Prints the value for one or more specified keys in a YP map. You 
have no control over which server’s version of the map you are 
seeing. 

yppoll( 8yp) 
Asks any ypserv process for the information it holds internally about a 
Single map. 

yppush ( 8yp) 
Describes a tool to administer a running YP system. It is run on 
the master YP server. It requests each of the ypserv processes 
within a domain to transfer a particular map, waits for a summary 
response from the transfer agent, and prints the results for each 
server. 


ypserv( 8yp) 
Describes the processes that make up YP. These processes are 
ypserv, the YP map server daemon, and ypbind, the YP binder 
daemon. The ypserv process must run on each YP server. The 


ypbind daemon must run on all systems that act as YP clients. 


ypsetup ( 8yp) 
Sets up your system YP environment for the first time. The ypsetup 
command initializes the default maps for a master YP server, 
transfers copies of the master YP server maps for a slave YP server, 
and sets up the /etc/rc.local file for the master, slaves, and clients on 
the domain. 


ypwhich( lyp) 
Tells you which YP server a system is using at the moment or which 
YP server is the master of some named map. 


ypxfr ( 8yp) 
Moves a YP map from one YP server to another, using YP itself as 
the transport medium. It can be run interactively or periodically from 
/etc/crontab. In addition, ypserv uses ypxfr as its transfer agent when 
it is asked to transfer a map. 


; 
| 
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This chapter explains how to set up the Yellow Pages (YP) service on 
your system using the ypsetup command. It also describes how to set up 
YP manually and how to modify an existing YP environment. See Chapter 
1 for a description of YP. 


The topics discussed in this chapter are: 

e Overview of setting up a YP server and client 

® Prerequisite information for setting up a YP server or client 
e Setting up YP automatically 

e Setting up YP manually 

e Altering YP client files 

e Creating and modifying YP maps 

® Propagating YP maps 


2.1 Overview of Setting Up a YP Server and Client 


To set up a system as a server, the system must contain the YP maps 
and must also run the YP daemons /etc/portmap and /usr/etc/ypserv. In 
addition, the YP master server needs to run the /usr/etc/roc.yppasswdd 
daemon. The ypsetup command places an entry in the /etc/rc.local file to 
start these daemons automatically at boot time. 


Any system, including a YP server, can act as a YP client by running the 
/etc/ypbind daemon. A YP client gets its information from a YP server if 
the information is not in the client’s local files. If a YP client cannot find 
the information in its local files, it makes an RPC call to a YP server and 
gets the information from a YP map. 


The ypbind daemon remembers the name of the YP server. When a client 
boots, ypbind broadcasts a request to the Ethernet wire asking for the 
name of the YP server. Similarly, ypbind broadcasts a request for the 
name of a new YP server if the old server has gone off the network for 
any reason. The ypwhich command gives the name of the server that the 
ypbind daemon currently points to. 





Users on a YP client can use the ypcat and ypmatch commands to print 
data from a YP map. The following command prints the information in 
the YP hosts map: 


# ypcat hosts 
Similarly, the following command prints the information in the YP passwd 
map: 

# ypcat passwd 
To look for someone’s password entry, you need to use either the ypcat or 


the ypmatch command. For example, to obtain the password entry for a 
user named jane, use one of the following command lines: 


# ypcat passwd | grep jane 
# ypmatch jane passwd 


2.2 Prerequisite Information 


Before you can set up YP on your system, your system must be in 
multiuser mode with the /usr file system mounted, and your system must 
be established on a local area network. In addition, you must know the 
answers to the following questions: 


e What is the default YP domain name for your system? 
e Will your system be the YP master server on the domain? 


If your system will be the master server: 


_ You must be sure there is no other master already existing on 
the domain. 


- You must know the names of the YP slave servers on your 
domain. To keep the YP maps consistent across all YP servers, 
the YP master server maintains a list of slave servers to send 
the updated copies of the maps using the yppush command. 

The ypsetup command will add the names you enter to the 
master server’s list. 


e Will your system be a YP slave server? 


If your system will be a YP slave server, be sure there is a YP 
master server already on the domain. Otherwise, you will not be 
able to initialize the YP maps for your system. 


e Will your system be a YP client server? 


You must be sure there is at least one other system on the network 
configured as either a YP master or slave server. Otherwise, you 


will not be able to access the YP maps. 


Once you have the required information, you are ready to set up the YP 
service. 


2.3 Setting Up YP Automatically 


To set up YP automatically, run the ypsetup command. Then, modify the 
YP data base files as outlined in Sections 2.3.1 and 2.3.2. 


2.3.1 Run the ypsetup Command 
With the system in multiuser mode, run the ypsetup command: 


# /etc/ypsetup 


Once ypsetup is running, it prints an informational message. 


Answer each of the ypsetup prompts. The ypsetup command asks if you 
want the YP daemons started automatically. If you say yes, then the YP 
service will run when ypsetup terminates. If you say no, then you will 
need to start the YP daemons by hand after ypsetup terminates, in order 
for YP to run. Either way the YP daemons will start automatically upon 
subsequent system reboots. 


When ypsetup has made the required modifications, it prints this 
informational message: 


eure VELLOW PAGES SETUP COMPLETE ***** 


The ypsetup command checks to see if the file /etc/svcorder exists. The 
svcorder file designates the order in which database lookup services such as 
YP and BIND are to be searched to resolve host names and addresses. 
This file is required for the YP service to run. 


If the svcorder file does not exist, then ypsetup creates it with an entry 
for the YP service. If the svcorder file already exists but does not contain 
an entry for YP, ypsetup gives you this reminder: 

Be sure to update the svcorder file to reflect the proper 


order in which to access the Yellow Pages service for host 
name/address resolution. 


If you are running more than one service, you should consider the order in 
which the services are to be queried. You can edit the /etc/svcorder file to 
reflect this order after ypsetup completes. 


See svcorder(5) in the ULTRIX Reference Pages for further information 
about this file. 








2.3.2 Modify the Defauit Data Base Files 


If your system will be a YP client, edit the original versions of the default 
data base files to include the YP escape characters. This is described in 
Section 2.5. These files are: /etc/group, /etc/hosts, /etc/netgroup, 
/etc/networks, /etc/passwd, /etc/protocols, and /etc/services. 


2.4 Setting Up YP Manually 


For an interactive setup with default answers, follow the automatic YP 
setup procedure (see Section 2.3). 


This section describes how to set up your system manually as a YP 
master server, slave server, or client and helps you to understand how YP 
works. 


Both the client and the server must be connected to an Internet network 
for YP to be able to run. 


The following topics are discussed in this section: 
e Setting up a YP master server 

@ Setting up a YP slave server 

@ Setting up a YP client 


2.4.1 Setting Up a YP Master Server 


The following files must contain the data that will be served to the YP 
clients on the domain: 


e /etc/group 


® /etc/hosts 

e /etc/networks 
e letc/passwd 

e /etc/protocols 
e fetc/rpc 

e /etc/services 
e fetc/netgroup 


If any of these files are not up to date, edit them and add the correct 
entries. For example, the passwd file must contain an entry for each user 
on the domain that the YP master server will serve. 

In addition, be sure the /etc/netgroup file is complete. If you do not have 
an /etc/netgroup file, create an empty one by typing the following 
command: 





# cp /dev/null /etc/netgroup 


See netgroup(5yp) in the ULTRIX Reference Pages for further information 
about the netgroup file. 


By default, the YP maps for the YP master server are constructed from 
the files residing in the /etc directory. If you want to modify the /etc 
files to contain only the local entries for the master server, create a 
directory such as /var/yp/src. Then copy the master copies of the files to 
it. You should make all future modifications there. 


If you plan to run make, ensure that the netgroup file is in /etc. If it is 
not in /etc, the make command will not find the netgroup file. 


For further information, see make(1) in the ULTRIX Reference Pages. 


To set up your system manually as a YP master server, follow these steps: 


Establish the YP domain 
Build the default YP maps 
Start the YP server daemons 
Modify the default YP files 
Start the YP password server 
Edit the /etc/rc.local file 
Modify the /etc/svcorder file 
Create the YP servers map 
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2.4.1.1 Establish the YP Domain - Set the domain name and create the 
domain directory. In the following example, the domain name is set to 
market: 


ypmaster# /bin/domainname market 
ypmaster# mkdir /var/yp/market 


2.4.1.2 Build the Default YP Maps — Build the default YP maps: 


ypmaster# cd /var/yp 
ypmaster# make NOPUSH="Y" 


2.4.1.3 Start the YP Server Daemons — If the RPC port mapper is not 
running, start it: 





ypmaster# /etc/portmap 


After you have started the RPC port mapper, or if the port mapper is 
already running, start the ypserv daemon: 


ypmaster# /usr/etc/ypserv 


2.4.1.4 Modify the Default YP Files - If your system will be acting as a 
YP client in addition to being a YP master server, create a directory such 
as /var/yp/src. Then, copy the default files to that directory (/etc/group, 
/etc/hosts, /etc/netgroup, /etc/networks, /etc/passwd, /etc/protocols, /etc/rpc, 
and /etc/services). Edit the original default files in /etc as described in 
Section 2.5. 


If you change the directory for all the default files, edit the Makefile and 
modify the DIR argument so that it specifies the new directory. For 
example, if the original directory was /etc and the new directory is 
/var/yp/src, here is the new argument to Makefile: 


DIR=/var/yp/src 


If you change the directory for some of the default files, but not all of 
them, edit only the Makefile DIR arguments for those particular files. 


If you change the directory for the password file, in addition to editing the 
Makefile, be sure to edit the /etc/rc.local file to reflect the new directory. 
For example, if the new directory for /etc/passwd is /var/yp/src, be sure the 
following entry is in the /etc/rc.iocal file: 


/usr/fetc/rpce.yppasswdd /var/yp/src/passwd \ 
—-m passwd DIR=/var/yp/src 


Note 


If you want to modify the YP master files at any time 
thereafter, you should modify the files in the holding area, such 
as /var/yp/src. Then, run the makedbm command. The files in 
/fetc are the YP master server’s local files and do not contain 
entries for the YP clients on the domain. 


Start the ypbind daemon: 
ypmaster# /etc/ypbind 


2.4.1.5 Start the YP Password Server - To allow YP clients to change 
their YP password entries, start the YP password server daemon. For 
example, if the master version of the passwd file is stored as 
/var/yp/src/passwd, type: 








ypmaster# /usr/etc/rpce.yppasswdd /var/yp/src/passwd \ 
-m passwd DIR=/var/yp/sre & 


2.4.1.6 Edit the /etc/rc.local File — Add an entry to the /etc/rc.local file 
to set up the default YP domain name, using this format: 


/bin/domainname domainname 


You also need to add entries for the /etc/portmap, /usr/etc/ypserv, 
/usr/etc/rpc.yppasswdd, and /etc/ypbind daemons. For example, the entry 
for ypserv should look like this: 

if [ -f /etc/portmap ~a -f /usr/etc/ypserv ]; then 

/usr/etc/ypserv; echo -n ”° ypserv’ >/dev/console 

f i 
On subsequent reboots, the YP service automatically starts from the 
/etc/rc.local file. 


Note 


The order in which the entries appear in the /etc/rc.local file 
determine the order in which the services are started when the 
system is brought to multiuser mode. Be sure that all YP 
entries precede any NFS daemons or other service daemons, such 
as Ipd for the printer service in this file. Also, be sure that the 
entry for the domain name precedes the entries for the YP 
daemons. 


2.4.1.7 Modify the /etc/svcorder File ~ You need to modify the 
/etc/svcorder file. If it does not exist, then you should create it. This file 
designates the order and selection of database lookup services. It consists 
of the service names, one service per line, in the order they are to be 
queried. For example, if you are only running YP, the /etc/svcorder file 
should consist of this one line: 


yp 
If you are running both the YP service and the BIND service and you 
want the BIND service queried in the event that YP fails to find the 
information, here are the proper entries: 


yp 
bind 


Note that the order in which the service names appear in the file is 
significant. See svcorder(5) in the ULTRIX Reference Pages for further 
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2.4.1.8 Create the YP Servers Map - Use the makedbm command to 
create the YP servers map. For example, if the domain name is market 
and the YP slave servers for the domain are osprey and nuthatch, type: 


ypmaster# cd /var/yp 

ypmaster# makedbm ~—- market/ypservers 
opsprey 

nuthatch 

<CTRL/D> 


2.4.2 Setting Up a YP Slave Server 


The local area network must be established before you can set up your 
system as a YP slave server. In particular, you must be able to copy files 
from the YP master server to the slave server, using the rep command. 
There must also be a YP master server on the network running the ypserv 
daemon for the domain. 


To set up your system manually as a YP slave server, follow these steps: 
Establish the YP domain . 

Obtain copies of the YP maps 

Start the YP server daemons 

Modify the default YP data base files 

Edit the /etc/rc.local file 

Modify the /etc/svcorder file 

Edit the /usr/lib/crontab file 

Add the new slave server to the domain 


OP hee ae ee ee NO 


2.4.2.1 Establish the YP Domain - Set the domain name and create the 
domain directory. For example, if your domain name is market, type: 


ypslave# /bin/domainname market 
ypslave# mkdir /var/yp/market 


2.4.2.2 Obtain Copies of the YP Maps - Run the YP transfer command 
ypxfr for each YP map your system will serve. For example, to run ypxfr 
on a system with a YP master called orville on a domain called market for 
the /etc/passwd map, type: 





ypslave# ypxfr —-h orville -c —-d market passwd.byname 
ypslave# ypxfr —-h orville —-c ~d market passwd.byuid 


To find a list of the YP maps that your system can serve, look on the 
YP master in the /var/yp/domainname directory. For example: 
/var/yp/market. 


2.4.2.3 Start the YP Server Daemons — If the RPC port mapper is not 
running, start it: 


ypslave# /etc/portmap 


After the RPC port mapper is running, start the ypserv daemon: 


ypslave# /usr/etc/ypserv 


2.4.2.4 Modify the Default YP Data Base Files — If your system will 
act as a client, in addition to being a YP slave server, edit the default 
data base files as described in Section 2.5. Then, start the ypbind 
daemon: 


ypslave# /etc/ypbind 


2.4.2.5 Edit the /etc/rc.local File ~ Add an entry to the /etc/rc.local file 
to set up the default YP domain name. For example, if the domain name 
is market, the entry should look like this: 


/bin/domainname market 
You also need to add entries for the /etc/portmap, /usr/etc/ypserv, and 


letc/ypbind daemons. For example, the entry for the /etc/portmap daemon 
is: 


if [— -f /etc/portmap ]; then 
/etc/portmap; echo -n ° portmap’ >/dev/console 
fi 


The entry for the ypbind daemon should look like this: 


if [— -f /etc/portmap -a -f /etc/ypbind ]; then 
/etc/ypbind; echo -n “° ypbind’ >/dev/console 
fi 


On subsequent reboots, the YP service automatically starts from the 











fetc/rc.local file. 


Note 
Be sure that the entry for the domain name precedes the entries 
for the YP daemons in the /etc/rc.local file. 


If your system is also running NFS, be sure the YP entries 
precede the NFS entries in the /etc/rc.local file. 


2.4.2.6 Modify the /etc/svcorder File — You need to modify the 
/eitc/svcorder file. See Section 2.4.1.7 for information about the 
/etc/svcorder file. 


2.4.2.7 Edit the /usr/lib/crontab File — To allow your YP slave server to 
receive updated copies of the YP master server’s YP maps, place ypxfr 
command entries in the /usr/lib/crontab file. For examples of crontab 
entries, look at these files: 


/etc/yp/ypxfr__1 perday 
/etc/yp/ypxfr_2perday 
/etc/yp/ypxfr__1perhour 


See cron(8) and ypxfr(8yp) in the ULTRIX Reference Pages for further 
information. 


2.4.2.8 Add the New Slave Server to the Domain — To add the new 
slave server to the domain, follow the directions in Section 2.8.1. 


2.4.3 Setting Up a YP Client 


The local area network must be established before you can set up your 
system as a YP client. In addition, there must be a YP server on the 
network running the ypserv daemon for the domain. 


To set up your system manually as a YP client, follow these steps: 
1. Establish the YP domain 

Start the YP port mapper daemon 

Modify the default YP data base files 

Edit the /etc/rc.local file 

Modify the /etc/svcorder file 
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2.4.3.1 Establish the YP Domain ~ Set the domain name with the 
domainname command, using this format: 


/bin/‘domainname domainname 
For example, to set the domain name for the domain market, type: 


ypclient# /bin/domainname market 


2.4.3.2 Start the YP Port Mapper Daemon - If the RPC port mapper is 
not running, start it: 


ypclient# /etc/portmap 


2.4.3.3 Modify the Default YP Data Base Files - Edit the default data 
base files as described in Section 2.5. Then, start the ypbind daemon: 


ypclient# /etc/ypbind 


2.4.3.4 Edit the /etc/rc.local File — Add an entry to the /etc/rc.local file 
to set up the default YP domain name, using this format: 


/bin/domainname domainname 


You also need to add entries for the /etc/portmap and /etc/ypbind daemons. 
For example, the entry for ypbind should look like this: 
if [ -f /etc/portmap -a -f /etc/ypbind J]; then 
/etc/ypbind; echo --n ° ypbind’ >/dev/console 
f i 
On subsequent reboots, the YP service automatically starts from the 
/etc/rc.local file. 


Note 


Be sure that the entry for the domain name precedes the entries 
for the YP daemons in the /etc/rc.local file. 


If your system is also running NFS, be sure the YP entries 
precede the NFS entries in the /etc/rc.local file. 


2.4.3.5 Modify the /etc/svcorder File - You need to modify the 
/etc/svcorder file. See Section 2.4.1.7 for information about the 
/etc/svcorder file. 








2.5 Altering YP Client Local Files 


All YP clients on the network should be updated to use the YP master’s 
versions of the YP maps, rather than their potentially out-of-date local 
files. This policy is enforced by running a ypbind process on the client 
system, including systems that might be running YP servers, and by 
modifying or eliminating the following files: /etc/group, /etc/hosts, 
/etc/hosts.equiv, /etc/netgroup, /etc/networks, /etc/passwd, /etc/protocols, 
letc/rpc, /etc/services, and /.rhosts. The following six sections discuss how 
to treat each of these files. 


2.5.1 The networks, protocols, rpc, services, and netgroup Files 


The /etc/networks, /etc/protocols, /etc/rpc, /etc/services, and /etc/netgroup 
files are not needed on any YP client. If you would prefer to keep them, 
you can leave them where they are or you can move them to backup files. 
The following example shows how to move the /etc/networks file to 
/etc/networks.old: 


# mv /etc/networks /etc/networks.old 


2.5.2 The /etc/hosts.equiv File 

The YP service does not serve the /etc/hosts.equiv file. However, you can 
add escape sequences to activate YP. This reduces problems with rlogin 
and rsh that are sometimes caused by different /etc/hosts.equiv files on two 
systems. 

To let anyone log in to a system, you could edit /etc/hosts.equiv so that it 
contains a single line with only the plus character (+) on it, which 
matches any host name. 


However, you can exercise more control over logins by using lines of the 
form: 


+ @trusted_group1 
+ @ trusted_group2 
— @ untrusted_group 


Each of the names to the right of the at character (@) is assumed to be 
a network group name, defined in the global network group YP map that 
YP serves. For example, if two trusted groups are staff and users, and an 
untrusted group is guest, these are the appropriate /etc/hosts.equiv entries: 





+@staff 
+@users 
-@guest 


If no escape sequence is used, only the entries in /etc/hosts.equiv are used, 
and YP is not used. 


2.5.3 The .rhosts File 


The YP service does not serve .rhosts files. The format of the .rhosts file 
is identical to that of /etc/hosts.equiv. However, since the /.rhosts file 
controls remote root access to the local system, you should restrict access 
to it. You should make the list of trusted hosts explicit or use the 
network group names. 


2.5.4 The /etc/hosts File 


The /etc/hosts file must contain entries for the local host’s name and the 
local loopback name. Otherwise, the system could hang while coming up to 
multiuser mode. The entries in the /etc/hosts file are accessed at boot | 
time when the YP service is not yet available. After the system is 
running, and after the ypbind process is up, the /etc/hosts file is not 
accessed. An example of the hosts file for YP client orville is: 


127.0.0.1 localhost 
192.9.1.87 orville # John Q. Random 


2.5.5 The /etc/passwd File 


The /etc/passwd file should contain entries for root and the primary users 
of the system and an escape entry to force the use of YP. 


A sample YP client’s /etc/passwd file looks like: 


root: 6H2/WWVZnIiFgM:0:1:Bossman with a C shell:/:/bin/csh 
operator::0:28:Operator:/opr:/opr/opser 

daemon: *:1:1:Mr. Background:/: 

Ssys:xzuEOVILjJYpJM:2:3:Mr. Kernel:/usr/sys: 

bin: xcvjW4aifaUn:3:4:Mr. Binary:/bin: 
uucp:Nologin:8:8:USENET New System: /usr/spool/netnews: 
+: 


The last line is the escape entry that informs the library routines to use 
the YP service rather than give up the search. Entries that exist in the 
local files, such as /etc/passwd, mask analogous entries in the YP maps. 
In addition, earlier entries in the file mask later entries with the same 





user name or the same user identification (UID). 


Note 


It is important that the +: entry always be last. Any entries 
in the /etc/passwd file placed after the +: entry are ignored 
because the library routines go directly to the YP map. 


If you run the netsetup or uucpsetup commands after YP is 
running, check the /etc/passwd file to be sure the +: entry is 
last. 


If you want to run uucp throughout your YP domain, you must 

run uucpsetup on the YP master server and then remake the 

password maps: 

1. Run uucpsetup on the YP master server. 

2. Edit the /etc/passwd file. If /etc/passwd is the YP password 
map, place the +: entry at the end of the file. Otherwise, 
move the entries that uucpsetup appended after the +: entry 
to the YP password map (usually /var/yp/src/passwd). 

3. Make the YP password map: | 


# cd /var/yp 
# make passwd 


See Sections 2.6 and 2.7 for further information about modifying 
and propagating YP maps. 


2.5.6 The /etc/group File 
You can reduce the /etc/group file to a single line by using: 
mith 


This line forces all translation of group names and group identifications to 
be made by the YP service. 


2.6 Modifying and Creating YP Maps 


You should modify the YP maps that YP serves on the YP master server, 
which then propagates copies of its modified data bases to the YP slave 
servers. You can modify the maps you expect to change most frequently, 
such as passwd, by first editing the ASCII file and then running make on 
/var/yp/Makefile. 


For example, to add a YP user, follow these steps: 


1. Edit the YP master server’s passwd file and add an entry for the 
new user. If you have chosen to move the default files as noted in 
Section 2.4.1, edit the directory. For example, edit 
/var/yp/src/passwd. Otherwise, edit the local file /etc/passwd. 


vA Type: 


# cd /var/yp 
# make passwd 


Whether you use the Makefile command in /var/yp or some other procedure, 
the goal is the same; a new pair of dbm files must be created in the 
domain directory on the YP master server. For further information, see 
ypmake(8yp) in the ULTRIX Reference Pages. 


You can manually edit nonstandard YP maps that are specific to the 
applications of a particular vendor or site, YP maps that you expect to 
change rarely, or YP maps for which no ASCII form exists, such as maps 
that did not exist before YP was set up. Use the makedbm command 
with the —u option to disassemble the YP maps into a form that can be 
modified using standard tools such as awk, sed, or vi. Then, build a new 
version of the YP maps using the makedbm command. You can do this 
manually in two ways: 


® You can redirect makedbm output to a temporary file that can be 
modified and then piped back into makedbm. 
e You can operate on the makedbm output within a pipeline that feeds 


directly into makedbm again. This is appropriate if you can update 
the disassembled map by modifying it with awk or sed, or by 
appending to it with cat. 


For example, suppose that you want to create a nonstandard YP map, 
called mymap, and that you want it to consist of key-value pairs in which 
the keys are strings such as al, bl, cl, and so forth, and the values are ar, 
br, cr and so forth. There are two procedures that you can follow when 
creating maps. In one, you use an existing ASCII file as input; in the 
other, you use standard input. 


e If there is an existing ASCII file, you can create the YP map for it 
using the makedbm command. For example, if the file is named 
/var/yp/src/mymap.asc and resides on the YP master server called 
ypmaster for a domain called market, you can create the YP map by 


typing: 





# cd /var/yp/src 
# /var/yp/makedbm mymap.asc ../market/mymap 


To update the YP map, remember to modify the ASCII file first. 
Modifications made to the map, but not also made to the ASCII file 
would become lost. Make the modification like this: 

# cd /var/yp/src 


# vi mymap.asc 
# /var/yp/makedbm mymap.asc ../market/mymap 


e If there is no original ASCII file, you can create the YP map by 
typing input like the following. In this example, the default domain 
is market: 


# cd /var/yp/market 
# /var/yp/makedbm — mymap 


al ar 
bl br 
cl ocr 
<CTRL/D> 


If you need to modify that map, you can use makedbm to create a 
temporary ASCII intermediate file, which you can edit using standard 
tools. For example: 


# cd /var/yp/market 
# /var/yp/makedbm —-u mymap > mymap.tem 


You can now edit mymap.temp so that it contains the correct 
information. To create a new version of the YP map, type: 


# /var/yp/makedbm mymap.temp mymap 
# rm mymap.temp 


Support on the YP slave servers for propagation of the new maps 
consists of appropriate entries either in /usr/lib/crontab or in one of 
the ypxfr shell scripts mentioned in Section 2.7. To get an initial 
copy of the map, you can run ypxfr by hand on each of the slave 
servers. The map must be globally available before clients begin to 
access it. If the map is available from some YP servers, but not all, 
you get unpredictable behavior from client programs. 


After you have modified the YP maps, you need to propagate them to the 
other servers on the domain. See Section 2.7 for a description of how to 
propagate YP maps. 


2.7 Propagating YP Maps 


To propagate a YP map is to move it from place to place, usually from 
the master YP server to a slave. The YP maps can be propagated from 


following sections. 


2.7.1 Using make to Propagate YP Maps 

You can propagate the default YP maps from the master YP server using 
the make command, as described in Section 2.6. For example, to 
propagate the hosts file, type: 


ypmaster# cd /var/yp 
ypmaster# make hosts 


The Makefile automatically runs the yppush command to push the YP map 
from the YP master server to the slave servers on the domain. See 
ypmake(8yp) in the ULTRIX Reference Pages for further information about 
how make propagates the YP maps. 


The yppush command uses the ypservers YP map to obtain a list of YP 
servers in your domain. To each of the named YP servers, it sends a 
Transfer Map request. The ypserv command forks a copy of ypxfr, invoking 
it with the -C option, passing the information it needs to identify the 
map, and calling back the initiating yppush process with a summary status. 


2.7.2 Using makedbm to Propagate YP Maps 


You can propagate nondefault YP maps from the YP master server using 
makedbm and then yppush, as described in Section 2.6. For example, to 
propagate a nondefault YP map called sales.asc that resides in /var/yp/src 
on the domain market, type: 

ypmaster# ed /var/yp/srcec 


ypmaster# /var/yp/makedbm sales.asc ../market/sales 
ypmaster# yppush sales 


The yppush command uses the ypservers YP map to obtain a list of YP 
servers in your domain. To each of the named YP servers, it sends a 
Transfer Map request. The ypserv command forks a copy of ypxfr, invoking 
it with the —C option, passing the information it needs to identify the 
map, and calling back the initiating yppush process with a summary status. 


2.7.3 Using ypxfr to Propagate YP Maps 
After you have initialized a YP slave server, you can propagate the YP 
maps from the YP master server by using the ypxfr command in two 
ways: 
@ Running ypxfr from cron 
Maps have differing rates of change; for instance, the protocols YP 
map might not change for months at a time, but the passwd YP 





can set up the /usr/lib/crontab file entries to run ypxfr periodically at 
a rate appropriate for any map in your YP data base. The ypxfr 
command contacts the master server and transfers the map only if 
the master’s copy is more recent than the local one. 


To avoid needing a crontab entry for each map, you can group 
several maps with approximately the same change characteristics 
together in a shell script, which can be run from /usr/lib/crontab. 
Suggested groupings, mnemonically named, are in the /var/yp 
directory: ypxfr_iperhour, ypxfr_iperday, and ypxfr_2perday. (If you 
set up a YP slave server with ypsetup, these entries are placed in 
/usr/lib/crontab automatically.) If the rates of change are 
inappropriate for your environment, you can easily modify or replace 
these shell scripts. 


These shell scripts should be run on each YP slave server in the 
domain. You should alter the exact time of execution from one i: 
server to another to prevent the master from overloading. If you 
want the map transferred from some particular server other than the 
master, you can specify this using ypxfr’s —h option within the shell 
script. Finally, you can check and transfer maps that have unique 
change characteristics by explicitly invoking ypxfr from within 


/usr/lib/crontab. For example: 
15 2 * * * /var/yp/ypxfr_lperday 


In this example, /var/yp/ypxfr_iperday is a script. 


See ypxfr(8yp) and cron(8) in the ULTRIX Reference Pages for 
further information. 


Running ypxfr manually 

You can run ypxfr manually as a command. ‘Typically, you do this 
only in exceptional situations, such as when setting up a temporary 
YP server to create a test environment or when quickly trying to 
update an out-of-date YP server’s YP maps. For example, to 
propagate the group YP map, type: 


ypslave# /usr/etc/ypxfr group.byname 
ypslave# /usr/etc/ypxfr group.bygid 


Be sure you run ypxfr for each file making up the YP map. 


Each of the ypxfr transfer attempts and results can be captured in a 
log file. If the file /var/yp/ypxfr.log exists, then the results are 
appended to it. There is no attempt to limit the log file length. To 
stop the information from accumulating in the log file, remove 
/var/yp/ypxfr.log. See ypxfr(8yp) in the ULTRIX Reference Pages for 
further information. 


2.8 Modifying the YP Environment 


This section describes how to modify the YP environment. The following 
topics are discussed in this section: 


® Adding YP servers to the domain 
e Removing YP slave servers from the domain 
e Changing a YP map’s master server 


® Adding users to a YP client 


2.8.1 Adding YP Servers to the Domain 


To add a YP slave server to the domain, begin by modifying the maps on 
the YP master server. If the new server is a host that has not been a 
YP server before, you must add the host name to the ypservers map in 
the master YP server’s default domain. For example, the sequence for 
adding a server named osprey to domain market is: 

ypmaster# cd /var/yp 

ypmaster# (/var/yp/makedbm -u market/ypservers ; echo osprey)\ 

|/var/yp/makedbm — tmpmap 

ypmaster# mv tmpmap.dir market/ypservers.dir 

ypmaster# mv tmpmap.pag market/ypservers.pag 

ypmaster# yppush ypservers 


Note 


The second command in this example is on two lines. You can 
type these lines as one long command even if the line wraps on 
your screen, or you can use the backslash escape character (\), 
as shown. However, you cannot simply type half the command 
(without the backslash), press the RETURN key, and type the 
second half. 


The new host address should also be in the hosts YP map. If it is not, 
add an entry for this host to the YP master server’s master hosts file and 
then run make. For example, if the hosts file is stored as /etc/hosts, the 
commands are: 


ypmaster# vi /etc/hosts 


ypmaster# cd /var/yp 
ypmaster# make hosts 


(continued on next page) 











The new YP slave server’s data bases should be set up by copying the 
files from the YP master server. To do this, log in to the new YP slave 
and set up the YP environment as described in Section 2.3 for the 
automatic procedure and Section 2.4.2 for the manual procedure. 


After you have added a server to the domain, you need to propagate the 
YP maps from the YP master server to the new slave. See Section 2.7 
for a description of how to propagate YP maps. 


2.8.2 Removing YP Slave Servers from the Domain 


To remove a YP slave server from the domain, begin by modifying the 
maps on the YP master server. You need to remove the server’s host 
name from the ypservers map in the master YP server’s default domain. 
For example, the sequence for removing a server named osprey from 
domain market is: 

ypmaster# cd /var/yp 

ypmaster# /var/yp/makedbm -u market/ypservers |\ 

grep -—v osprey|/var/yp/makedbm — tmpmap 

ypmaster# mv tmpmap.dir market/ypservers.dir 

ypmaster# mv tmpmap.pag market/ypservers.pag 

ypmaster# yppush ypservers 


Note 


The second command in this example is on two lines. You can 
type these lines as one long command even if the line wraps on 
your screen, or you can use the backslash escape character (\), 
as shown. However, you cannot simply type half the command 
(without the backslash), press the RETURN key, and type the 
second half. 


2.8.3 Changing a YP Map’s Master Server 


To change a YP map’s master server to a different system, first build the 
map at the new master. Because the old YP master’s name occurs as a 
key-value pair in the existing map, it is not sufficient to use an existing 
copy at the new master server or to send a copy there with ypxfr. The 
key must be reassociated with the new master’s name. If the map has an 
ASCII source file, the current version should be present at the new 
master. Remake the YP map locally with the sequence: 


newmaster# cd /var/yp 
newmaster# make salary.byhour 


In this example, salary.byhour is the name of the YP map. The 
/varlyp/Makefile file must be set up correctly for the make command to 
work. If it is not, you should do it before doing anything else. In 
addition, go back to the old master (if it is to remain a YP server) and 


edit /var/yp/Makefile so that the salary.byhour map is no longer made there. 


To do this, comment out the section that made the map (salary.byhour) in 
the old master server’s /var/yp/Makefile. 
If the map only exists as a dbm file, you can recreate it on the new 
master by disassembling an existing copy from any YP server and running 
the disassembled version back through makedbm. For example: 

newmaster# cd /var/yp 

newmaster# ypcat -—k salary.byhour [\ 

/var/yp/makedbm — market/salary.byhour 
After making the map on the new master, you need to send a new copy 
of the map to the other YP slave servers. Do not use yppush, because 
the other slaves would try to get new copies from the old master, rather 
than the new one. 
A typical method is to become superuser on the old master server and 
type: 

oldmaster# /var/yp/ypxfr —h newmaster salary.byhour 
Now that you have a new copy on the old master server, you can run 
yppush. The remaining slave servers will attempt to get the current 


version of the map from the old master server. When they do, they will 
get the new map, which names the new master as the current master. 


2.8.4 Adding Users to a YP Client 


To add a user to a YP client on the network, add an entry to the YP 
master server’s password file and create a home directory on the new 
user’s system as described in the following steps: 


1. Edit the YP master server’s /etc/passwd file 
Update the YP map 
Make a home directory 


Set up the new user’s environment 


om oN 


Propagate the updated YP map 


2.8.4.1 Edit the YP Master Server’s /etc/passwd File - On the YP 
master server, add a new line to the master copy of the password file. If 
you are using the file /etc/passwd as the master copy, use the vipw 
command. The vipw command brings the password file into the vi editor 
and prevents anyone else from editing it until you are done: 


ypmaster# /etc/vipw 


Otherwise, edit the master copy. For example: 


# vi /var/yp/src/passwd 


The passwd file is a readable ASCII file with a one-line entry for each 
valid user on the system. Here is a sample passwd entry for a user 
named Jane Doe: 


doe: fnuTqqab.6yec:444:10:Jane Doe:/usr/staff/doe:/bin/csh 


See the Guide to System Environment Setup for a description of how to 
edit the passwd file to add a new user. 


Note 


The remote systems on the network recognize a user by the user 
identification (UID) number. Therefore, it is important that each 
user have the same UID on each of the systems on the network. 


2.8.4.2 Update the YP Map —- After you have updated the YP master 
server’s password file and created a password for the new user, be sure to 
update the YP map by running /var/yp/make for /etc/passwd: 


ypmaster# cd /var/yp 
ypmaster# make passwd 


You need to adjust the make command if the master copy of the passwd 
file is kept somewhere other than /etc. For example, if the passwd file is 
in /var/yp/src, type: 


ypmaster# cd /var/yp 
ypmaster# make DIR=/var/yp/srce passwd 


2.8.4.3 Make a Home Directory - On the new user’s system, create a 
home directory for the new user. Use the same directory name that you 
specified in the YP master server’s /etc/passwd file. For example, if you 
are setting up a new user doe in /usr/staff, use this sequence of _ 
commands: 











ypclient# cd /usr/staff 
ypclient# mkdir doe 

ypclient# chown doe doe 
ypclient# chgrp 10 doe 


A common group identification number is 10. See group(5yp) in the 
ULTRIX Reference Pages for further information. 


If the YP map for the password file has not yet been updated on the 
system’s YP server, you get an error message when you attempt to run 
the chown command. The format of the message is: 


unknown user id: username 


In that case, you can use the new user’s UID number (from the 
/etc/passwd file entry) instead of the login name to change the owner of 
the home directory. Here is the format of the command: 


chown userid# username 


See the Guide to System Environment Setup for further information about 
setting up new user accounts. 


2.8.4.4 Set Up the New User’s Environment - You can define new 
users’ login environments in several ways. For example, you might give 
new users a copy of such files as .login and .cshrc if they use the C shell 
(/bin/esh), or just .profile if they use the Bourne shell (/bin/sh). Copies of 
the default environment files are stored in the directory /usr/skel. See the 
Guide to System Environment Setup and csh(1) and sh(1) in the ULTRIX 
Reference Pages for further information about setting up a new user’s 
environment. 


If the new user is a member of any groups at your site, add his or her 
login name to the /etc/group file as necessary. Be sure to make the 
changes to the /etc/group and /etc/netgroup files on the YP master server 
if you are running YP. See group(5yp) and groups(1) in the ULTRIX 
Reference Pages for more information about user groups. 


2.8.4.5 Propagate the Updated YP Map - After you have modified the 
YP maps to include the new user, you need to propagate them to the 
other servers on the domain. See Section 2.7 for a description of how to 
propagate YP maps. 


| 
: 
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This chapter explains how to maintain and manage the Yellow Pages (YP) 
service. There are many ways you can use the YP service on your 
system, and some are more efficient than others for your particular YP 
domain. The information included in this chapter will help you understand 
the implications of setting up YP in various manners. 


This chapter also discusses system security with YP and offers ways to 
increase this security. 





3.1 System Security with YP 


This section describes the various aspects of system security while YP is 
running. For further information about security, see yppasswd(lyp), 
hosts.equiv 5yp), exports(5yp), passwd(5yp), group(5yp), netgroup(5yp), and 
yppasswdd(8yp) in the ULTRIX Reference Pages. 


3.1.1 Global and Local YP Files 


Of the YP maps, the following are originally in the /etc directory before 
YP is set up: /etc/group, /etc/hosts, /etc/networks, /etc/passwd, 
/etc/protocols, /etc/rpc, and /etc/services. 


In addition, YP uses the /etc/netgroup file to create the netgroup YP map. 


The YP maps are divided into local and global file types. The /etc/passwd 
and /etc/group files are local files. They are first checked for on the local 
system, and then any entries beginning with the YP special characters ( +, 
—-, @) are interpreted as appropriate. 

The remaining YP maps (hosts, netgroup, networks, protocols, rpc, and 
services) are treated as global files only. The information in these maps is 
network-wide data and is accessed only from YP. However, when booting, 
each system needs an entry in /etc/hosts for itself. 


In summary, if YP is running, local files are consulted first; global files are 
only checked in the YP maps. 





3.1.2 Local System Files with Pointers to YP Maps 


The files /etc/hosts.equiv and /.rhosts are not in the YP data base. Each 
system has its own unique copy. However, you can place entries in your 
/etc/hosts.equiv file that refer to YP. Consider the following sample line: 


+@engineering 


Because this entry begins with +@, it includes all members of engineering 
as it-is defined in the YP map netgroup. (The @ refers to members of 
the /etc/netgroup file.) A line consisting only of + includes everyone in 
the /etc/hosts.equiv file. 


Conversely, an entry starting with -@ excludes everyone listed in that 
network group. For example, the following entry excludes everyone listed 
within the network group sales: 


-@sales 


To be able to log in to a remote system without having a password, you 
need to have an entry for your local system name in the /etc/hosts.equiv 
file and an entry for your login name in the /etc/passwd file (on the 
remote system). By having a plus (+) entry in /etc/hosts.equiv, you 
effectively bypass this check, and anyone with a login entry in the 
/etc/passwd file is allowed to log in to the system over the network 
without restriction. 


The /etc/passwd and /etc/group files can also have plus and minus ( +,-) 
entries. A line such as the following in the /etc/passwd file pulls an entry 
for doe from YP: 


+doe::::John H. Doe:/usr2/doe:/bin/csh 
The user and group identifications and the password are obtained from YP. 


The description field, home directory, and default shell are obtained from 
the plus (+) entry itself. 


On the other hand, an /etc/passwd entry such as the following gets all of 
its information from YP: 


+doe: 
Notice the differences in the following two entries: 
+doe::1189:10:John H. Doe:/usr2/doe:/bin/csh 


doe::1189:10:John H. Doe:/usr2/doe:/bin/csh 


In the first of the two entries, the password field is obtained from YP. In 
the second entry, user doe has no password. Also, if there is no entry for 
doe in YP, then the effect of the first entry is as if no entry for doe 





were present at all. 


Note 
Do not put the following entry in the /etc/passwd file: 
+::0:0::: 
This entry would make every YP client on the network insecure. 
Each user whose password data is obtained from the YP service 


rather than the local /etc/passwd file would have root 
identification and permissions. 


Finally, an entry such as the following excludes the user doe from being 
allowed to log in to the system: 


-doe: 


See Chapter 1 for further information about the plus and minus entries. 


3.2 YP Map Access Policies 


This section summarizes the policies used by the C-library routines when 
they access the following files on a system running YP: 


/etc/group 
Always consulted. If there are plus or minus (+,-) entries, the YP 
group map is consulted; otherwise, YP is unused. 


/etc/hosts 
Consulted only when booting (by the ifconfig command in the 
letc/rc.local file). After that, the YP hosts map is used. 


/etc/hosts.equiv 
Always consulted, but not kept in the YP maps. If there are plus or 
minus (+,-) entries whose arguments are network groups, the YP 
netgroup map is consulted; otherwise, YP is unused. 


/etc/netgroup 
Never consulted. The /etc/netgroup file is used only for the 
construction of the YP netgroup map. All data is taken from YP. 


/etc/networks 
Never consulted. The data that was formerly read from this file now 
comes from the YP networks map. 


/etc/passwd 
Always consulted. If there are plus or minus (+,-) entries, the YP 
password map is consulted; otherwise, YP is unused. 


/etc/protocols 
Never consulted. The data that was formerly read from this file now 





.rhosts 
Always consulted, but not kept in the YP maps. If there are plus or 
minus (+,—) entries whose arguments are network groups, the YP 
netgroup map is consulted; otherwise, YP is unused. 


/etc/services 
Never consulted. The data that was formerly read from this file now 
comes from the YP services map. 


/etc/svcorder 
Always consulted. This file specifies the order in which database 
lookup services are to be queried. 


3.3 Special YP Password Change 


When you change your password with the passwd command, you change 
the entry explicitly given in the local /etc/passwd file. If your password is 
not given explicitly, but is pulled in from YP with a plus (+) entry, then 
the passwd command prints this error message: 


Not in passwd file. 


If you are running YP on your system, the special account password 
entries are stored in /etc/passwd, but general user accounts are typically 
stored in /var/yp/passwd. Therefore, to change the superuser (root) 
password you must use the passwd command. To change a general user’s 
password in YP, you must use the yppasswd command. 


To enable the yppasswd command, the system administrator must start the 
yppasswdd daemon on the system serving as the master for the YP 
password file. The following entry in the /etc/rc.local file causes the 
yppasswdd daemon to start automatically each time the system is booted: 


/usr/etc/rpc.yppasswdd /etc/passwd -m passwd DIR=/etc 


See yppasswdd(8yp) in the ULTRIX Reference Pages for further 
information. 


3.4 Netgroups: Network-Wide Groups of Systems and 
Users 


Netgroups are network-wide groups of systems and users defined in the 
/etc/netgroup file on the master YP server. These groups can be used for 
permission checking during remote mount, login, remote login, and remote 
shell processes. 

The master YP server can use /etc/netgroup to generate three YP maps in 


the /var/yp/domainname directory: netgroup, netgroup.byuser and 
netgroup.byhost. The netgroup YP map contains the basic information in 


information to speed the lookup process of network groups. 


Some programs that consult the YP maps are mountd, rlogin, and rsh. 

The mountd program consults them for system classifications, if it 
encounters netgroup names in the exports file. The rlogin and rsh 
programs consult the netgroup map for both system and user classifications 
if they encounter netgroup names in the hosts.equiv or .rhosts file. 


If you place your /etc/netgroup file in a source directory (such as 
/var/yp/src), then when you execute the make command in the /var/yp 
directory, the make command will not find the netgroup file. To correct 
this, update the netgroup file in the source directory. Then copy it to 
/etc/netgroup before executing the make command. For more information, 
see make(1) in the ULTRIX Reference Pages. 


For information on the /etc/netgroup file format, see netgroup(5yp) in the 
ULTRIX Reference Pages. See the Guide to the Network File System for 
information about the Network File System (NFS). 


Here is a sample /etc/netgroup file for the domain market: 


# Engineering: Everyone, but eric, has a system; he has no system. 
# The system ‘testing’ is used by all of the hardware group. 

# 

engineering hardware software 

hardware (mercury,alan,market) (venus,beth,market) (testing,-,market) 
software (earth,chris,market) (mars,deborah,market) (-,eric,market) 
# 

# Marketing: Time-sharing on star 

# 

marketing (star,fran,market) (jupiter,greg,market)\ 
(jupiter,dan,market) 


# 

# Others 

# 

allusers (-,,market) 
allhosts (,-,market) 


Based on this sample, the users would be classified into groups for the 
domain market as follows: 


Group Users 

hardware alan, beth 

software chris, deborah, eric 

engineering alan, beth, chris, deborah, eric 
marketing fran, greg, dan 

allusers every user in the passwd YP map 
allhosts no users 


Here is how the systems would be classified: 





Group 


hardware 
software 
engineering 
marketing 
allusers 
allhosts 


Hosts 


mercury, venus, testing 

earth, mars 

mercury, venus, testing, earth, mars 
star, jupiter 

no hosts 

all hosts in the hosts YP map 
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This chapter describes the most common causes of YP malfunctions and 
provides some methods for solving the problems. The topics discussed are: 


° How to solve problems on a YP client and a YP server 

e How to solve problems on a YP client 

The source of a YP problem usually lies in one of the following areas: | 
° There are no YP servers on the domain running the ypserv daemon | 
e The network or the YP server is overloaded 

e The YP client has not set the domain name properly for the system | 
e The ypbind process is not running | 
® The network is down | 


Before you can solve YP problems, you must be familiar with how YP 
operates and you should be familiar with the following YP commands and 
daemons: domainname, portmap, ypbind, ypcat, ypmake, ypmatch, 
yppasswdd, yppoll, yppush, ypserv, ypsetup, ypwhich, and ypxfr. For 
additional information, see Chapter 2. 


When solving YP problems, keep in mind that there are three main points 
of failure: the server, the client, or the network. 


Note 


The client and the server must be connected by a network for 
YP to be able to run and serve data bases properly. 


4.1 How to Solve Problems on a YP Client 

This section provides a description of common errors on a YP client and 
offers solutions for these problems. The problems are: 

@ Commands hang 

° YP service unavailable 

e The ypbind process exits 





® The ypwhich command is inconsistent 


4.1.1 Commands Hang 


The most common problem on a YP client is for a command to hang and 
generate console messages of this form: 


yp: server not responding for domain <domainname>. Still trying 


This message indicates that ypbind on the local system is unable to 
communicate with ypserv in the specified domain. Commands may hang if 
systems that run ypserv are taken off the network for any reason. This 
may also occur if the network or the YP server is so overloaded that 
ypserv cannot get a response back to the local system’s ypbind within the 
timeout period. Under these circumstances, the other YP clients on the 
network show the same or similar problems. The condition is temporary in 
most cases. The messages usually disappear when a YP server reboots 
and ypserv is running again, or when the load decreases on the YP servers 
or the Ethernet. 


However, in the following circumstances, the situation does not improve: 


@ The YP client has not set, or has incorrectly set, the domain name 
on the system. Clients must use a domain name that the YP 
servers know. Use the domainname command to see the client 
domain name. Compare that with the domain name set on the YP 
servers. The domain name should be set in the /etc/rc.local file. 

For example, if the domain name is market, there should be an entry 
in the /etc/rc.local file similar to this: 


/bin/domainname market 
If /etc/rc.local fails to set, or incorrectly sets, the domainname, you 
should do the following: 
1. Become superuser on the system in question. 


2. Edit /etc/rc.local to fix the domain name line with a proper 
name. This assures the domain name will be correct every 
time the system boots. 

3. Set domain name manually, so it is fixed immediately. For 
example, if the domain name is market, type: 


# domainname market 


e If your domain name is correct, make sure your local network has at 
least one YP server. You can bind to a ypserv process only on your 
local network, not on another accessible network. There must be at 


4.1.2 


network. Two or more YP servers improve availability and response 
characteristics for the YP service. 


If your local network has a YP server, make sure it is running. 
Check other systems on your local network. If several client systems 
have problems simultaneously, suspect a server problem. 


Find a client system that is operating normally and run the ypwhich 
command. If ypwhich does not return an answer, terminate it and 
go to a terminal on the YP server and type: 


# ps ax | grep yp 
Look for ypserv and ypbind processes. Depending upon the results: 
- If the ps command shows no ypserv process running, start one: 


# /usr/etc/ypserv 


~ If the ypserv daemon was running but the ypbind daemon is not, 
start it by typing: 
# /etc/ypbind 
Then execute ypwhich on the YP server. If ypwhich still returns no 
answer, ypserv has probably hung and should be restarted. Terminate 


the existing ypserv and ypbind processes and start them again. For 
example, if the process IDs are 102 and 121, type: 


# kill -9 102 121 
# /usr/etc/ypserv 
# /etc/ypbind 


The process ID numbers are found by using the ps command. 


YP Service Unavailable 


If other systems on the network appear to be running properly, but the 
YP service becomes unavailable on your system, many different symptoms 
can appear, such as: 


Some commands appear to operate correctly, while others terminate, 
printing an error message about the unavailability of YP. 


Some commands run inefficiently in a backup strategy particular to 
the program involved. 


Some commands or daemons exit with obscure messages or no 
message at all. Messages such as the following may appear (in this 
example, the domain name is market): 














# ypcat passwd 
ypcat: can’t bind to YP server for domain <market> 
Reason: can’t communicate with ypbind. 


# /var/yp/yppoll passwd.byname 
RPC_ TIMEDOUT 


If symptoms such as these occur, type the following while in a 
directory containing files owned by many users, including users not in 
your system’s /etc/passwd file (such as /usr): 


# Is -I 
If the Is command reports file owners who are not in your system’s 


/etc/passwd file as numbers, rather than names, this is another indication 
that YP is not working. 


These symptoms usually indicate that the ypbind process is not running. 
You can run the pS command with the a and xX options to check for one. 
If you do not find the ypbind process, type the following to start it: 


# /etc/ypbind 


Another possibility is that the /etc/svcorder file in incorrect. Be sure this 
file has an entry for YP. 


4.1.3 The ypbind Process Exits 
If the ypbind process exits almost immediately each time it is started, you 
should look for a problem in some other part of the system. Check for 
the presence of the portmap daemon by typing: 

# ps ax | grep portmap 


If you do not find it running, reboot the system. 
If the portmap daemon does not stay up or acts unusual, look for more 
fundamental problems. 
You may be able to talk to the portmap daemon on your system from 
another system on your network that is operating normally. From such a 
system, use the rpcinfo command. For example, if your system is named 
spice and the system that is operating normally is named sugar, type the 
following from sugar: 

Sugar# rpcinfo -p spice 


If your portmap daemon is running properly, the output should look like: 





program vers proto port 


100003 2 udp 2049 nfs 

100005 1 udp 1025 mountd 
100004 2 udp 1033 ypserv 
100004 2 tcp 1024 ypserv 
100004 1 udp 1033 ypserv 
100004 1 tcp 1024 ypserv 
100007 2 tcp 1025 ypbind 
100007 2 udp 1045 ypbind 
100007 1 tcp 1025 ypbind 
100007 1 udp 1045 ypbind 


The port numbers on your system may be different from those shown. 


If the ypbind processes are not there, ypbind has been unable to register 
its services. Reboot your system. If the ypbind processes are there and 
they change each time you try to restart /etc/ypbind, then reboot the 
system, even if the portmap daemon is running. 


4.1.4 The ypwhich Command Is Inconsistent 


If you use the ypwhich command several times at the same client system, 
the answer you get back may vary because the YP server can change. 
The binding of a YP client to a YP server can change over time on a 
busy network, or when the YP servers are busy. Whenever possible, the 
system stabilizes at a point where all clients get acceptable response time 
from the YP servers. As long as your client system gets the YP service, 
it does not matter where the service comes from. A YP server often gets 
its own YP service from another YP server on the network. 


4.2 How to Solve Problems on a YP Server 


This section provides a description of common errors on a YP server and 
offers solutions to these problems. 


Because YP works by propagating maps among servers, you can sometimes 
find different versions of a map on different servers on the network. If 
transient, this version skew is normal. Otherwise, it is abnormal. 


Most commonly, a normal update is prevented when a YP server or a 
network gateway system between YP servers is down during a map 
transfer attempt. When the YP servers and the network gateways between 
them are running, ypxfr should succeed. 


If a particular slave server has update problems, log in to that server and 
run ypxfr interactively. If ypxfr fails, it prints an error message that will 
help you solve the problem. If ypxfr succeeds, but you believe that it is 
failing at times, create a log file to enable the logging of messages by 


typing: 





# cd /var/yp 
# touch ypxfr.log 


This saves all output from ypxfr. The output looks much like what ypxfr 
creates when run interactively, but each line in the log file is timestamped. 


You might see unexpected orderings in the timestamps. The timestamp 
tells you when ypxfr began its work. If copies of ypxfr ran simultaneously, 
but their work took different amounts of time, they might write their 
summary status line to the log files in a different order. 


Any pattern of intermittent failure shows in the log file. After you have 
fixed the problem, turn off logging by removing the log file. If you forget 
to remove it, it grows without limit. 


While still logged in to the problem YP slave server, inspect /usr/lib/crontab 
and the ypxfr shell scripts it invokes. Typing mistakes in these files can 
cause propagation problems. Failures to refer to a shell script within 
crontab or failures to refer to a map within any shell script can also cause 
propagation problems. 


Make sure that the YP slave server is in the ypservers map within the 
domain. If it is not, it still works as a server, but yppush will not tell it 
when a new copy of a map exists. 


If the problem is not obvious, you can work around it while you debug by 
using the rcp or tftp command to copy the current version from any stable 
YP server. You might not be able to do this as superuser, but you 
probably will be able to do it as daemon. For example, type the following 
to transfer a map called buster: 


chmod go+w /var/yp/market 

su daemon 

rcp ypmaster:/var/yp/market/buster.\* /var/yp/market 
<CTRL/D> 

chown root /var/yp/market/buster. * 

chmod go-w /var/yp/market 


eH WH tH 


Notice that the asterisk (*) has been escaped with a backslash in the 
command line so that it will be expanded on the YP master server, 
instead of locally. In addition, notice that the map files should be owned 
by root, so you must change ownership of them after the transfer. It is 
easiest if you can do the rcp command as superuser. 


Note 


Because of architectural differences between VAX processors and 
non-DIGITAL processors, you may not be able to copy files from 
one processor to another using the rcp command. The ypxfr 
command, however, does resolve the byte ordering differences 
found in a heterogeneous networking environment. 





4.2.1 YP Does Not Update Data Base 


If you change a data base and then execute a make command, the data 
base may not get updated. If this happens, remove the file data base.time 
from the directories /var/yp and /var/yp/domainname. 


For example, if the netgroup file of the domain market is changed and 
successfully updated, the make command should respond with: 


netgroup updated 


If the make command instead states that the netgroup is up to date, enter 
these commands: 


cd /var/yp 

rm netgroup.time 
cd cadnetwork 

rm netgroup.time 
ed .. 

make netgroup 


Se th He te te te 


4.2.2. The ypserv Process Exits 


If the ypserv process exits almost immediately and will not stay up even 
when repeatedly activated, the process of finding the problem is virtually 
identical to that described in Section 6.5.1.3. Check for the portmap 
daemon: 


# ps ax | grep portmap 


Reboot the server if you do not find it. However, if it is there, run the 
rpcinfo command: 


# /usr/etc/rpcinfo —p 


program vers proto port 

100003 2 udp 2049 nfs 

100005 1 udp 1025 mountd 
100004 2 udp 1033 ypserv 
100004 2 tep 1024 ypserv 
100004 1 udp 1033 ypserv 
100004 1 tcp 1024 ypserv 
100007 2 tcp 1025 ypbind 
100007 2 udp 1045 ypbind 
100007 1 tcp 1025 ypbind 
100007 1 udp 1045 ypbind 


The port numbers on your system may be different from those shown. If 
ypserv processes are not there, ypserv has been unable to register its 
services. Reboot the system. If the ypserv processes are there but they 
change each time you try to restart /usr/etc/ypserv, reboot the system. 
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